David A. Martinez
Abstract
The tenuous network of interconnected data that supports our nation's critical infrastructure has been built up, computer by computer, over only the last few decades. From punch cards to the supercomputers constructed by pioneers in today's fields, computers have been controlling our nation's critical sectors nearly every step of the way. As designers of today's critical systems gravitate slowly towards systems that require less human oversight than ever before, the vulnerability of the networks that control our electricity systems, water supply, and banking services also continues to increase. In recent control system security reviews, the Departments of Energy and Homeland Security (DHS) hired experts from Idaho National Labs who found that not only do "all of the evaluated systems suffer from high-impact security vulnerabilities that could be exploited by a low-skill-level attacker," but "in currently deployed systems, enhanced security controls cannot easily be implemented while still assuring basic system functionality" (Turner). While the federal government has attempted on several occasions to outline its strategy to implement cybersecurity policies, its defining statement on the issue is in the form of the National Infrastructure Protection Plan (NIPP). Even then, these government documents mean little if neither government nor private agencies implement them in their respective fields.
- Arnone, Michael. "DHS completes National Infrastructure Protection Plan."
FCW.com News . June 30, 2006. May 29, 2007. <http://www.fcw.com/article95113-06-30-06-Web>Google Scholar
- Dacey, Robert F.
Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems . Government Accountability Office. March 30, 2004. May 30, 2007. <http://www.iwar.org.uk/cip/resources/gao/d04628t.pdf>Google Scholar - Department of Homeland Security.
DHS | National Infrastructure Protection Plan . May 25, 2007. <http://www.dhs.gov/xprevprot/programs/editorial_0827.shtm#2<Google Scholar - Department of Homeland Security.
DHS | Sector-Specific Plans . May 25, 2007. May 29, 2007. <http://www.dhs.gov/xprevprot/programs/gc_1179866197607.shtm>Google Scholar - Department of Homeland Security.
Communications: Critical Infrastructure and Key Resources - Sector Specific Plan as Input to the National Infrastructure Protection Plan . May 29, 2007. <http://www.dhs.gov/xlibrary/assets/Communications_SSP_5_21_07.pdf>Google Scholar - Department of the Treasury.
Banking and Finance: Critical Infrastructure and Key Resources - Sector Specific Plan as Input to the National Infrastructure Protection Plan . May 29, 2007. <http://www.dhs.gov/xlibrary/assets/Banking_SSP_5_21_07.pdf>Google Scholar - Direct Mag. "Congress May Revisit Can Spam." April 4, 2007. May 30, 2007. <http://directmag.com/disciplines/email/congress_revisit/>Google Scholar
- Government Accountability Office.
Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems . May 2005. Retrieved May 30, 2007. <http://www.gao.gov/new.items/d05231.pdf>Google Scholar - Lipowicz, Alice. "DHS approves IT sector protection plan."
Washington Technology . May 24, 2007. <http://www.washingtontechnology.com/online/1_1/30715-1.html>Google Scholar - Market Wire. "Information Technology Sector Welcomes Sector Specific Plan." May 21, 2007. <http://www.marketwire.com/mw/release_html_b1?release_id=255271>Google Scholar
- Turner, Aaron. "U.S. Critical Infrastructure in Serious Jeopardy." Edited by CSO Online. April 19, 2007. <http://www2.csoonline.com/exclusives/column.html?CID=32893>Google Scholar
- Based off of the Testimony of Aaron Turner to the Subcommittee on Emerging Threats, Cybersecurity and Science & Technology of the House Committee on Homeland Security. <<homeland.house.gov/SiteDocuments/20070419153130-95132.pdf>Google Scholar
- Wagner, Cynthia. "Countering Cyber Attacks." The Futurist. May-June 2007: 16.Google Scholar
- White House.
The National Strategy to Secure Cyberspace . February 2003. May 30, 2007. <http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf>Google Scholar
Index Terms
- Protecting critical infrastructure: implementing integration and expanding education: first prize: 2007 Schubmehl-Prein Essay contest
Recommendations
Critical infrastructure dependencies
The proper functioning of critical infrastructures is crucial to societal well-being. However, critical infrastructures are not isolated, but instead are tightly coupled, creating a complex system of interconnected infrastructures. Dependencies between ...
What needs to be done: protecting critical infrastructure: second prize: 2007 Schubmehl-Prein Essay contest
It begins as a regular day in March of 1997, but by 9:00 a.m. all communications are down at the Worcester Airport in Massachusetts (Rindskopf). Telephone service at the airport and its fire department are cut off without warning. Six hours later all ...
Comments